首页 > 编程札记 > 编程

Macfee自定义安全策略

阅读: 评论:0

Macfee自定义安全策略

Macfee自定义安全策略

路径: VirusScan Enterprise  > Access Protection Policies

 

Port blocking rules

 

<
Process
Port80
DirectionOutbound
ActionReport
Rule namePowershell HTTP remote session

 

File/folder blocking rule

 

<
Process
File

C:WindowsSys*

File actionsFiles being executed
ActionBlock, Report
Rule nameWord cmd execution

 

<
Process
File

C:WindowsSys*

File actionsFiles being executed
ActionReport
Rule nameExcel cmd execution

 

<
Process
File

C:WindowsSys*

File actionsFiles being executed
ActionBlock, Report
Rule nameWord powershell execution

 

<
Process
File

C:WindowsSys*

File actionsFiles being executed
ActionBlock, Report
Rule nameExcel powershell execution

 

<
Process
File

C:UsersPublic*.exe

File actions

New files being created, Files being executed

Action

Block, Report

Rule name

Powershell emotet launcher

 

Process*
File

C:Users*AppData*.exe

File actions

New files being created, Files being executed

Action

Block, Report

Rule name

AppData File Execution

 

Process*
File <

File actions

New files being created, Files being executed

Action

Block, Report

Rule name

Tor process launched

 

<
Process
File

C:Users*AppData*

File actions

Files being executed

Action

Block, Report

Rule name

rundll32 AppData file execution 

 

<
Process
File

C:Windows

File actions

Files being executed

Action

Block, Report

Rule name

Word certutil execution

 

<
Process
File

C:Windows

File actions

Files being executed

Action

Block, Report

Rule name

Excel certutil execution

 
<
Process
File

*.sct*

File actions

Files being executed

Action

Block, Report

Rule name

Regsvr32 sct file execution

 

<
Process
File

*.hta*

File actions

Files being executed

Action

Block, Report

File name

hta file execution

 

Registry blocking rule

 

Process*
Key

HKLM/Software/Microsoft/Windows/CurrentVersion/Run

Reg actions

Create key or value

Action

Report

Rule name

HKLM Persistence

 

Process*
Key

HKCU/Software/Microsoft/Windows/CurrentVersion/Run

Reg actions

Create key or value

Action

Report

Rule name

HKCU Persistence

 

转载于:.html

本文发布于:2024-02-03 07:01:59,感谢您对本站的认可!

本文链接:https://www.4u4v.net/it/170691491949404.html

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,我们将在24小时内删除。

上一篇:macfee 防范规则有用集成
下一篇:服务器macfee用户自定义规则
标签:自定义   安全策略   Macfee
留言与评论(共有 0 条评论)
   
验证码:
推荐文章
排行榜
热门标签

Copyright ©2019-2022 Comsenz Inc.Powered by ©

网站地图1 网站地图2 网站地图3 网站地图4 网站地图5 网站地图6 网站地图7 网站地图8 网站地图9 网站地图10 网站地图11 网站地图12 网站地图13 网站地图14 网站地图15 网站地图16 网站地图17 网站地图18 网站地图19 网站地图20 网站地图21 网站地图22/a> 网站地图23